Copying a couple of examples from Kaplan's link I ran: openssl pkcs12 -in gd_bundle.crt -info -noout and on the rest of the files. No joy.
I have gone through the reissue process 6 times. Literally. I tried different download schemes; Apache, Tomcat, Other 9448:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294: 9448:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=PKCS12 This all started because this site throws, "... uses an invalid security certificate. The certificate is not trusted because it is self signed." when you connect. Thanks Bob >>> Larry Price <[email protected]> 1/17/2011 10:59 AM >>> On Jan 17, 2011, at 10:01 AM, Bob Crandell wrote: Greetings, I have a client that is trying to create a keyfile to feed to JBoss. She bought one from GoDaddy and now we are trying to figure out how to use the *.crt files they sent back. Their directions are sorely lacking in detail. This is where I'm stuck: openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit They sent, in a zip file, gd_bundle.crt gd_cross_intermediate.crt gd_intermediate.crt server.domain.ext.crt My question is, What is <name of your certificate> and <name of your certificate private key file>? Thanks for being there, When your client purchased the certificate, she used a CSR that was generated by her from the private key and the subject information that she provided. There is no absolute naming convention for private keys, but they are usually marked as either .pem or .pvk or .key If you can't find the private key, then you will need to reissue the cert by creating a new private key and csr and going through godaddy's reissue process.
_______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
